spitfoo

Why on earth does MTA try to access my Windows Live Messenger?


Devs, explain this:

http://i52.tinypic.com/w82jkk.png

Tell me why MTA is trying to access wlcomm.exe. What the hell does MTA have to do with Windows Live Messenger? Why do I even need to bother to post this? They shouldn't interfere with each other in any way.

As I'm running the latest COMODO Firewall with HIPS, I also got a reminder from D+ when installing MTA about the package requiring complete control over my computer when installing; I never got such a warning with any other installers.

I ended up scanning the installation file with Jotti's Malware Scan and the result was positive with 2 engines. One claimed it to be packed (no worries about that, though) and the other said it includes a variant of Eldorado Injector (probably FP). I am way too lazy to start doing any sort of PE investigation or reverse engineering since I assume you have a logical explanation for this kind of behaviour.

You should definitely change the installer to not produce any more of these warnings. I am concerned about my safety and will not install MTA until I get my answer.

Thank you for your time.


As far as I know, MTA works by hacking gta_sa.exe's memory. Apparently that causes a number of anti-virus scanners to call it whatever, because I suppose a program hacking another isn't considered good behaviour.

MTA is open-source, I think someone would've wondered why there'd be code interfering with wlcomm.exe before this matter. I'm not really into all technical aspects, but I think the installation part is related to how some installation software works. Anyways there's a bunch of people who got a much better explanation for all this.


This is down to anticheat. MTA scans running processes to see if there are any cheating tools/trainers running, much like e.g. Punkbuster.

> As far as I know, MTA works by hacking gta_sa.exe's memory. Apparently that causes a number of anti-virus scanners to call it whatever, because I suppose a program hacking another isn't considered good behaviour.
>
> MTA is open-source, I think someone would've wondered why there'd be code interfering with wlcomm.exe before this matter. I'm not really into all technical aspects, but I think the installation part is related to how some installation software works. Anyways there's a bunch of people who got a much better explanation for all this.

The widely used TrueCrypt is also open-source with source code available for anyone to compile. Yet it's said the executable contains malicious code in the form of a "good" backdoor (a possibility to recover the password in case of emergency). The thing is the code is so complicated and nearly impossible to compile to produce exactly the same executable as the one given to the public. But thanks for your response, it seemed that you were on "track" of what was going on.

> This is down to anticheat. MTA scans running processes to see if there are any cheating tools/trainers running, much like e.g. Punkbuster.

Thank you. I never knew MTA included an internal anticheat. This seems like the very cause of the alerts.

Thanks for your quick response. I will install MTA and start gaming right away. :-)


MTA does use some techniques that look similar to what a virus might do, so virus scanners' heuristics do flag it as a virus from time to time.

As long as you've downloaded MTA from the main MTA site, you should be fine!

